In 2022 it’s more than likely you’ve been the recipient of a fraudulent email, text message or phone call. In the first half of this year scams cost Australians a total of $295 million, and almost 32,000 phishing scams were reported to the Australian Competition and Consumer Commission’s Scamwatch. As fraudulent communication increases in frequency and sophistication, it’s essential that you and your employees stay educated to avoid falling victim to cybercrime attempts that could have severe consequences for your business.
The different communication channels: Phishing, smishing and vishing
Today scammers aren’t sticking to one communication channel. You’ll need to keep an eye (and an ear) out for phishing, smishing and vishing. Haven’t heard of those terms before? Here’s an overview of the different methods cybercriminals use to target their potential victims.
Phishing: Sent via email, phishing scams often appear to be sent from legitimate businesses or service providers, contain fraudulent links or attachments, and attempt to capture sensitive personal information. Beware of phishing links – clicking on these can result in malware being installed on your device.
Smishing: When scammers contact you via text message, you’re the target of a smishing attempt. Like phishing, these text messages contain fraudulent links that may download malware if clicked.
Vishing: Taking place through a phone call or voicemail message, vishing often uses pre-recorded robocalls to solicit personal information. Scammers have also been known to ask questions that prompt vishing victims to say ‘yes’ and record this audio, which can be used to access financial accounts via the phone.
Top 4 phishing email identifiers:
Now you’re across these methods, we’re going to focus on phishing. Phishing has been used in Australia since 2003, and we’ve compiled a 4-step checklist for avoiding scams in your email inbox. Spotting a phishing scam isn’t always easy, so it’s necessary to use these identification methods in combination with one another.
1. Check the email address
Check the sender’s email address before engaging with content. Legitimate emails will be sent from a verified domain. For example, email@example.com.
2. Check branding and grammar
As identity fraud attacks become more sophisticated, scammers are replicating the email branding of the companies they imitate. They commonly impersonate companies that you interact with regularly, such as email or telecommunication providers, banks, or utility companies, which lends their emails a false appearance of legitimacy. If you suspect an email is a phishing scam, you can check the branding for consistency with any email communication you’ve previously received from the company.
Another giveaway for a phishing attack is incorrect spelling and grammar. If an email is plagued with poor spelling, it’s likely fraudulent.
3. Hover over links before clicking them
This precaution is an essential step to check links from suspicious emails. Hovering over a link, which may take the form of a button, hyperlinked text or shortened link, will give you a preview of where it goes. You should also check that links start with https:// – if they don’t, the link isn’t secure.
4. Contact the company
If you’ve run through all methods and still can’t identify whether the communication is genuine, call the company the email appears to be from. They’re the best source of information and can advise you whether the information you’ve been asked to provide is required.
What to do if you click on a phishing link?
If you realise you’ve clicked on a phishing link and supplied sensitive personal information, like passwords or financial details, you should act quickly.
Firstly, change the passwords of any accounts that may be compromised. If possible, opt in to two-factor authentication to strengthen the security of your account. If you’ve supplied credit card or account details, you should contact your bank to cancel your card or account.
You can also report the phishing scam to the relevant organisation. In Australia this is the Australian Cyber Security Centre, and you can report the cybercrime through ReportCyber.
Reducing the severity of phishing attacks
The above methods will help you to avoid phishing attempts; however, there are other precautions you can take to increase your security online.
If you need support to safeguard your business against cybersecurity threats, Ever Nimble’s CAT (Cyber Awareness Training) platform is an essential resource. As IT system security improves, cybercriminals turn to staff and human error to exploit businesses. In fact, 90% of cyberattacks are successful because of human error, meaning that with the right training they could have been avoided. Our easy-to-follow cyber security program offers a complete solution that tests, trains, measures and reduces human risk.
- A policy toolkit featuring checklists, policies and legal templates
- Extensive risk reporting to monitor your progress and identify risk areas
- Engaging video training modules, with engagement and compliance reporting
- Dark-Web scanning that includes all staff email addresses
- Awareness posters to keep cybersecurity front of mind
- Phishing simulations so staff can learn to identify and avoid real phishing emails
Other tools we implement in our line of defence against phishing attacks include Proofpoint, Darktrace and CrowdStrike software. These tools monitor your inbox for suspicious activity and work to reduce the chance of an attack.
How we can help
Want expert help to avoid cybercrime attacks in your email inbox and beyond? Our support bundles implement systems to strengthen your cybersecurity, so you can focus on running your business. Our Ever Secure and Ever Secure + bundles offer enhanced security and training, including CAT (Cyber Awareness Training) and AI phishing detection.
To find the best bundle for your business, contact us at firstname.lastname@example.org.